SecAlerts
CVE ListPricingSign Up
MongoDB logo

MongoDB

Security Risk Profile

40
/100
medium

Security Risk Score

Comprehensive risk assessment based on 178 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 1, 2013 to present

178
Total CVEs
84
Critical+High
7
Exploited
60
Unpatched

Threat Assessment

Avg CVSS
6.8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
60
Critical/High
Risk Level
40/100
medium
⚠️ 7 Active Exploits 2 Zero-Days🆕 13Fresh (<7d)📈 23 in Last 30 Days

Severity Distribution

Critical
9
High
75
Medium
77
Low
6

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
49

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
16
2
Use After Free
7
3
Null Pointer Dereference
4
4
Integer Overflow
4
5
Infoleak
4

Most Affected Products

1. MongoDB MongoDB373
2. MongoDB MongoDB Server96
3. MongoDB Server24
4. MongoDB C Driver Mongodb9
5. MongoDB Ops Manager8

Recent Vulnerabilities

See more →
CVE-2026-9740
CVSS 8.7high

Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

6/9/2026🔧 No Patch
CVE-2026-9735
CVSS 6.8medium

Keyfile contents are in MongoDB Server logs

6/9/2026🔧 No Patch
CVE-2026-9754
CVSS 7.1high

Stack memory disclosure in filemd5 command

6/9/2026🔧 No Patch
CVE-2026-9753
CVSS 7.2high

Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

6/9/2026🔧 No Patch
CVE-2026-9752
CVSS 7.1high

GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

6/9/2026🔧 No Patch
CVE-2026-9751
CVSS 6.8medium

Sensitive data could be written to mongod.log

6/9/2026🔧 No Patch
CVE-2026-9750
CVSS 7.1high

Metadata name collision on $-prefixed fields causes post-auth server crash

6/9/2026🔧 No Patch
CVE-2026-9749
CVSS 7.1high

Using MaxKey() may crash the server

6/9/2026🔧 No Patch
CVE-2026-9748
CVSS 7.1high

$_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

6/9/2026🔧 No Patch
CVE-2026-9747
CVSS 7.1high

Crafted cross-shard merge aggregation crashes MongoDB Server

6/9/2026🔧 No Patch

Monitor MongoDB in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

MongoDB Security Vulnerabilities & Risk Score | 178 CVEs | SecAlerts - SecAlerts